This disclosure relates generally to the field of computer software. More particularly, but not by way of limitation, it relates to a method for managing encryption keys for computer software applications.
Complex distributed applications, specifically middle-tier applications, need to manage confidential information from multiple sources which is used for different purposes, including (a) database login usernames and passwords, (b) back end server credentials, (c) X.509 certificates, (d) application login names and passwords, (e) confidential application data, and (f) end user data.
One common technique for managing confidential information is the use of cryptography services that may encrypt and decrypt the information. Each type of information may have different requirements for secure storage and retrieval. These requirements may include (a) encryption algorithm, (b) length of the encryption key, (c) lifetime of the encryption key, (d) storage of the encrypted data, and (e) performance.
These different requirements lead to different solutions being chosen for each domain of data. Given that each domain's use will require its own key or keys for encryption, each area ends up requiring a separate process for securely storing and retrieving its keys, encrypting and decrypting the data, managing key cycling requirements, maintaining key versions, etc.
One example of an application 100 needing encryption according to the prior art is illustrated in FIG. 1. Application 100 has three domains 110, 120, and 130. Each application domain 110-120 independently manages its own application data, encryption algorithms, keys, and key management policies. Domain 110 may choose to have its encryption key 112 stored in a file, domain 120 may hard code its encryption key 122 into the application, and domain 130 may choose to store one key 132 in a database and may require that the password 133 be entered at application startup. Along with key storage, the other policies around key management typically are haphazard and without any controls. There is typically little or no coordination or enforcement of policies 114, 124, or 134. This leads to a less secure application and makes determining the overall security of the application and its data more difficult.
Separate key storage and management policies lead to issues with the overall security of the application and its data. If one domain chooses a weak strategy, then it may expose the data for other domains by exposing an easier point of attack. In addition, with each domain and its encryption keys, there are the associated issues of enforcing key management policies, such as using mandated encryption algorithms, key lengths, key storage, and key lifetime.
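To make the contrast concrete, the following is an added example (not the disclosure's own method or any product code) of the opposite of the prior-art picture above: one key manager that holds a mandated policy per domain, mints keys only when they satisfy the policy, keeps every key version so older data stays decryptable, and refuses to hand out a current key past its lifetime. The domain names, policy values and the `KeyPolicy`/`KeyManager` classes are constructed for this illustration; the algorithm field is a label the policy enforces, no cipher is invoked here.

```python
"""Central, policy-enforcing key manager (added example; not the disclosure's method)."""
import hashlib
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


class PolicyViolation(Exception):
    """A key request or key state breaks the domain's mandated policy."""


@dataclass(frozen=True)
class KeyPolicy:
    # The per-domain requirements the text lists: algorithm, key length, lifetime.
    algorithm: str      # mandated algorithm identifier (label only; no cipher runs here)
    key_bytes: int      # minimum key length in bytes
    lifetime_s: float   # maximum age of a key version before rotation is required


@dataclass(frozen=True)
class KeyVersion:
    version: int
    algorithm: str
    material: bytes
    created: float      # seconds since epoch, taken from the manager's clock

    @property
    def fingerprint(self) -> str:
        # Loggable identifier for audit trails that does not expose the key itself.
        return hashlib.sha256(self.material).hexdigest()[:16]


class KeyManager:
    """Single place that stores keys, enforces policy and keeps every version."""

    def __init__(self, policies: Dict[str, KeyPolicy],
                 clock: Callable[[], float] = time.time) -> None:
        self._policies = dict(policies)
        self._versions: Dict[str, List[KeyVersion]] = {}
        self._clock = clock   # injectable so lifetime checks are testable

    def policy(self, domain: str) -> KeyPolicy:
        if domain not in self._policies:
            raise PolicyViolation(f"no policy registered for domain {domain!r}")
        return self._policies[domain]

    def register_key(self, domain: str, material: Optional[bytes] = None,
                     algorithm: Optional[str] = None) -> KeyVersion:
        """Add a new key version; material is generated when none is supplied."""
        policy = self.policy(domain)
        algorithm = algorithm or policy.algorithm
        if algorithm != policy.algorithm:
            raise PolicyViolation(f"{domain}: {algorithm!r} is not the mandated {policy.algorithm!r}")
        if material is None:
            material = os.urandom(policy.key_bytes)
        elif len(material) < policy.key_bytes:
            raise PolicyViolation(f"{domain}: key is {len(material)} bytes, need {policy.key_bytes}")
        versions = self._versions.setdefault(domain, [])
        kv = KeyVersion(len(versions) + 1, algorithm, material, self._clock())
        versions.append(kv)
        return kv

    def rotate(self, domain: str) -> KeyVersion:
        """Key cycling: mint a fresh version; earlier versions remain retrievable."""
        return self.register_key(domain)

    def current(self, domain: str) -> KeyVersion:
        """Latest version, handed out for new encryptions only while within its lifetime."""
        versions = self._versions.get(domain)
        if not versions:
            raise PolicyViolation(f"{domain}: no key registered")
        kv = versions[-1]
        if self._clock() - kv.created > self.policy(domain).lifetime_s:
            raise PolicyViolation(f"{domain}: key version {kv.version} has expired; rotate it")
        return kv

    def version(self, domain: str, number: int) -> KeyVersion:
        """A historical version, needed to decrypt data written under an older key."""
        versions = self._versions.get(domain, [])
        if not 1 <= number <= len(versions):
            raise PolicyViolation(f"{domain}: no key version {number}")
        return versions[number - 1]

    def audit(self) -> Dict[str, dict]:
        """Per-domain status an operator can review without seeing key material."""
        now = self._clock()
        report = {}
        for domain, policy in self._policies.items():
            versions = self._versions.get(domain, [])
            latest = versions[-1] if versions else None
            report[domain] = {
                "versions": len(versions),
                "algorithm": policy.algorithm,
                "fingerprint": latest.fingerprint if latest else None,
                "expired": latest is not None and now - latest.created > policy.lifetime_s,
            }
        return report


# Constructed sample policies for three domains, standing in for 110, 120 and 130.
SAMPLE_POLICIES = {
    "database": KeyPolicy("AES-256", 32, 86400.0),
    "backend":  KeyPolicy("AES-256", 32, 3600.0),
    "userdata": KeyPolicy("AES-128", 16, 7 * 86400.0),
}

if __name__ == "__main__":
    km = KeyManager(SAMPLE_POLICIES)
    v1 = km.register_key("database")
    print(f"database key v{v1.version} fingerprint {v1.fingerprint}")
    print(km.audit())
```

Because every domain goes through the same `register_key` path, a hard-coded or undersized key of the kind domain 120 used in the prior-art figure is rejected rather than silently accepted, and `audit` gives one view of which domains are running on expired keys, which is the coordination the text says is missing.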